Set gateway from router

<<

yatz

Full Member

Posts: 222

Joined: Tue May 25, 2010 2:58 pm

Post Mon Oct 10, 2011 11:06 am

Interesting dilemma, I don't know if this is possible.

Topology
(corp hq)----{internet}-----[VPN router]-----(windows XP box)

IPSec VPN tunnel is up between remote VPN router and corp HQ.  Windows machine is directly connected to the internal side of the router, but no default gateway is set.

I can SSH into the router and ping the Windows box, but cannot ping the Windows box directly.

Is there a way to set the gateway FROM the router since that's the only way I can communicate to it?  The alternative is flying to the remote site and setting the gateway.  Ouch.

Any help would be appreciated.  I have tried a few things without success (for example, enable NAT on the router to do translation; does NOT work because the order NAT is applied versus the VPN tunnel).

Hacks are welcome as long as the remote site is recoverable afterward!  :)
"Live as though you would die tomorrow, learn as though you would live forever."

CCNA, MCSA, MCTS, Sec+, Net+, Linux+, CEH
<<

cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Mon Oct 10, 2011 2:39 pm

Re: Set gateway from router

So you're trying to remotely set the gateway of the Windows box but since it doesn't have a gateway, you can only get to it from the router which is on the same local network, right? Just want to be sure.

Are there any other windows boxes on that network that DO have a gateway set? What type of router are you dealing with? You can PM me if you don't want to broadcast it :)
<<

yatz

Post Mon Oct 10, 2011 5:37 pm

Re: Set gateway from router

No worries, consider this to be a generic remote office setup.  Windows XP box sitting behind a Cisco router, running the most up to date Cisco IOS 15.X.  Users use the system locally as a standalone box.  VPN is for remote training, troubleshooting, administration, updates, etc.  In this case the installer forgot to set that one little setting.....default gw.

You are correct in your understanding, so you know what my problem is.  No gateway = no routing.  One way traffic is fine, but the responses never come back.  I can get to the server from the router itself, as you say.
<<
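Added example (not part of the original thread): a small model of the XP box's route lookup, showing why the router's own pings are answered while replies to HQ addresses are dropped until a default gateway exists. All addresses are constructed, since the thread gives none.

```python
import ipaddress

# Constructed addresses: the thread gives none.
XP_BOX, PREFIX = "192.168.50.10", 24
ROUTER_INSIDE = "192.168.50.1"   # router LAN interface, same subnet as the box
HQ_ADMIN = "10.1.1.25"           # host at corp HQ, reached through the IPsec tunnel

def build_routes(host_ip, prefix_len, default_gw=None):
    """Route table of a single-homed host: the connected subnet, plus 0.0.0.0/0 if set."""
    connected = ipaddress.ip_interface(f"{host_ip}/{prefix_len}").network
    routes = [(connected, None)]                      # None = on-link, no next hop
    if default_gw is not None:
        routes.append((ipaddress.ip_network("0.0.0.0/0"),
                       ipaddress.ip_address(default_gw)))
    return routes

def lookup(routes, dst):
    """Longest-prefix match. Returns ('on-link', dst), ('via', gw) or None (no route)."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        return None
    _, gw = max(matches, key=lambda r: r[0].prefixlen)
    return ("on-link", str(dst)) if gw is None else ("via", str(gw))

def reply_path(routes, request_src):
    """The box answers to the request's source address; describe where the reply goes."""
    hop = lookup(routes, request_src)
    if hop is None:
        return f"request from {request_src}: received, reply dropped (no route)"
    return f"request from {request_src}: reply sent {hop[0]} {hop[1]}"

if __name__ == "__main__":
    for label, gw in (("no default gateway", None), ("gateway set", ROUTER_INSIDE)):
        routes = build_routes(XP_BOX, PREFIX, gw)
        print(label)
        for src in (ROUTER_INSIDE, HQ_ADMIN):
            print("  " + reply_path(routes, src))
```

A forwarded connection that still carries the HQ source address ends in the same failed lookup, because the box routes its reply by the source address it sees.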

cd1zz

Post Mon Oct 10, 2011 5:51 pm

Re: Set gateway from router

All the boxes on the remote LAN have no default gateway?
<<

yatz

Post Mon Oct 10, 2011 6:01 pm

Re: Set gateway from router

There is only one box, so, correct.
<<

cd1zz

Post Mon Oct 10, 2011 6:11 pm

Re: Set gateway from router

Is the remote box running ssh or telnet? Otherwise you're looking at using port forwarding on the Cisco with an ACL. This assumes you've got services even running on that box. If you have SMB running for example, you could use psexec or if the box isn't patched you could use an exploit to get a shell on it.

If you use port forwarding, and you're opening up 445 to it, make sure your ACL is tight, you don't want that thing on the Internet.

*****

Ugh, just realized that PAT won't work if that box has no default gateway. Hmmm. Let me think.
Last edited by cd1zz on Mon Oct 10, 2011 7:08 pm, edited 1 time in total.
<<

yatz

Post Mon Oct 10, 2011 7:14 pm

Re: Set gateway from router

No ssh or telnet, but Windows file sharing is on.  I was thinking port forwarding, but I think the problem with the gateway still persists since the source addr is not changed, or am I wrong?
<<

yatz

Post Mon Oct 10, 2011 7:19 pm

Re: Set gateway from router

Other things I've thought of:

There is somewhat of a port of netcat for IOS called IOScat, though it has limited functionality and even still it would be the same as port forwarding.

No return traffic rules out TCP, but UDP should work?  Maybe there's an exploit that can use entirely UDP, sort of like blind sql injection but with packets, lol.

If there was a way of embedding shell + netsh command into a payload, capturing the packets and then replaying them from the router, not sure how to do that though.
<<

cd1zz

Post Tue Oct 11, 2011 8:39 am

Re: Set gateway from router

Yeah but you'd still need a bind shell listening on that problem XP box. Is there any human being sitting at this PC? If so, I'd just send a bind shell on a USB drive, or better yet, a netsh command in a batch file and have them open it or set up an autorun script (assuming they don't have that patched).

If you can get a bind shell on that box you could use that IOScat to interface with the PC.
<<

l33t5h@rk

Post Tue Oct 11, 2011 9:10 am

Re: Set gateway from router

cd1zz wrote: better yet, a netsh command in a batch file and have them open it


This was going to be my suggestion as well. Use netsh to configure all of the network settings and you should be able to get the connection up.
<<

cd1zz

Post Tue Oct 11, 2011 9:54 am

Re: Set gateway from router

He has no way to get a remote command shell on the box though, that's the problem.
<<

yatz

Post Tue Oct 11, 2011 10:00 am

Re: Set gateway from router

Yeah, thanks for the suggestions but you are right.  If only there were a way to invoke WSH or WMI from the router... ugh.
<<

yatz

Post Tue Oct 11, 2011 10:09 am

Re: Set gateway from router

As you can probably tell, it really irks me that such a simple thing is getting in my way.  I keep telling myself there MUST BE A WAY.  It's just networking.  I have Cisco IOS, I have admin credentials for the box at the other end, just no way to get a TCP connection because return traffic is being dropped.
<<

cd1zz

Post Tue Oct 11, 2011 10:10 am

Re: Set gateway from router

No human at the other end? I would just have someone go over and do it!
<<

l33t5h@rk

Post Tue Oct 11, 2011 11:30 am

Re: Set gateway from router

cd1zz wrote: No human at the other end? I would just have someone go over and do it!


Pretty much where we're at. Those damn humans keep getting in the way of productivity.